Applies To:
Show VersionsBIG-IP PEM
- 13.0.1, 13.0.0
Overview: Performing RADIUS authentication and accounting
In Policy Enforcement Manager™, the RADIUS client has the ability to initiate RADIUS authentication for a subscriber. You can configure the virtual servers that are used to request for authentication of DHCPv4 and DHCPv6 discovered subscribers. The subscriber authentication may be triggered by subscriber discovery based on other means, such as obtaining RADIUS accounting messages. The ability to generate accounting messages helps to track subscriber usage as a RADIUS client.
RADIUS authentication is initiated when PEM receives messages, showing that the subscribers are attempting to connect to the network. The two factors of initiation are:
- The start of DHCP exchange showing that the subscriber attempts to obtain an IP address (fixed line deployments).
- When the RADIUS accounting start message indicates that the subscriber has passed through the initial phase of access but still needs authentication.
Task summary
Creating a RADIUS AAA profile for policy enforcement
Create a RADIUS profile, which contains the shared secret of the RADIUS server, the transaction timeout, password, and retransmission timeout details, for configuring the RADIUS authentication profile settings.
The RADIUS profile that you created can be chosen from the RADIUS profile in
, depending on the virtual server IP address type.